Fake FedEx ‘missed delivery’ emails infecting devices with ransomware

The FedEx name is often used by scammers in spam emails, and such emails are usually dismissed as ordinary spam, but recent FedEx-themed spam emails contain ransomware attachments.

An email has been doing the rounds on the internet that appears to be a regular notification from FedEx about a missed delivery. However, this is no ordinary email: it is yet another campaign to trick unsuspecting users into opening an attached invoice that contains ransomware.

The malware then encrypts all the data on the system and displays this message:

“ATTENTION! All your documents, photos, databases and other important personal files were encrypted using a strong RSA-1024 algorithm with a unique key. Please remember: If you do not pay in (three) days YOU LOSE ALL YOUR FILES. Nobody can help you except us.”

When the user clicks on the attached file, the malware immediately infects the computer and locks all the data, including documents, pictures and databases.

Ransomware attacks are becoming a regular occurrence, and high-profile businesses such as healthcare clinics, medical centers, law firms, payment processing firms and other financial and corporate entities are becoming recurrent victims of such campaigns. These companies are attractive targets because they hold a treasure trove of confidential data as well as critically important details of their clients.

Attackers ask for the digital currency bitcoin in return for the encrypted data because it is difficult to track in comparison to credit card transactions. It is true that the value of bitcoin fluctuates considerably, but even then, for malicious threat actors and cybercriminals, this is the safest possible way to make some money. In fact, it is quite a rewarding option since one bitcoin is equivalent to $600.

In this particular attack, according to the Statesman Journal, the victim, Wolfgang Sailler, a financial planner from Salem, the capital of the U.S. state of Oregon, was asked to pay bitcoins that equaled $303, that is, 0.49885 bitcoins, in exchange for file retrieval.

However, Sailler refused and replied, “I’m not going to pay.” Sailler had stored all his important data and private details on another computer and therefore paid no heed to the attacker’s requests for ransom. Yet Sailler was worried that the hacker would most definitely target another business, since his business partner also received a different version of this email. Both emails contained the FedEx logo but had all the signs of a scam, such as bad grammar and spelling errors as well as badly copied logos.

FedEx also received reports about such fake emails that claimed to be sent by FedEx representatives. In an official statement, the company warned its customers that “the frequency of this email tends to increase close to the holiday season, presumably to exploit the growth in shipping volumes.” FedEx therefore advised that people should refrain from opening the attachment and either delete the email immediately or forward it to abuse@fedex.com.

First things first: always keep a backup of your data. But what would you do if your system became infected with ransomware, or if someone hacked your site and demanded a ransom? The FBI tells victims to pay the ransom; however, this is not the solution, as it only encourages cyber criminals to boost their activities. Keeping a backup, on the other hand, will help you big time. Also, Kaspersky and Intel, assisted by Europol and the Dutch Police, recently launched an anti-ransomware website, ‘No More Ransom’, to assist Internet users against ransomware by recovering their files at no cost, so that they do not have to pay a ransom to criminals.

Agan Uzunovic is a Bosnian journalist who works for the country's largest newspaper. He has a keen interest in reporting on activism and hacktivism. He is also a contributor at U.S.-based Revolution News media. Agan reports and writes for HackRead on IT security related topics.
